why is nod32 behind some other av products when it comes to signature based detection? like in the feb 08 test of av-comparatives.org?? just curious... hope they can do something bout this...
Signatures can cover just a very minor percentage of existing threats, no matter how big the database is (unless a particular av adds hundreds of signatures every hour, but even in that case they couldn't catch up with malware authors). The future is in heuristics combined with generic signatures and some behavior blockers (this is a special case as it's similar to firewall - it protects you as long as you know what action you're allowing/denying).